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LISTING OF THF PT ATMS 

This listing of claims will replace all prior versions, and listings, of claims in the present 
application. Additions are identified by underlining . Deletions are indicated by otrikothrough 
[[double brackets]]. 

1 . (Original) A method of operating a communications network including a firewall 
comprising the steps of: 

monitoring delays associated with the closing of ports corresponding to 
communications sessions following the termination of said communications sessions as 
indicated by session control signals; and 

generating an alert signal when a monitored closing delay exceeds a preselected 
threshold. 

2. (Original) The method according to claim 1, further comprising the steps of: 
communicating said alert signal to a security management system; and 

operating said security management system to initiate at least one security operation in 
response to said alert signal. 

3. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

adjusting network routing to reduce the load on the firewall system which 
triggered said alarm signal. 

4. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

controlling the firewall at which said closing delay exceeding said threshold was 
detected to drop traffic until the detected closing delays at said firewall no longer exceed 
said threshold. 
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5. (Original) The method of claim 2, wherein said step of initiating at least one 
security operation includes: 

notifying a system administrator of said alarm condition. 

6. (Original) The method of claim 2, wherein monitoring delays associated with the 
closing of ports corresponding to communications sessions includes: 

transmitting test signals through a port corresponding to an established 
communications session; 

monitoring to detect said test signals which pass through said port; 

transmitting a signal to terminate said established communications session; and 

determining the time between transmitting said signal to terminate said 
established communications session and when the monitored test signals can no longer be 
detected passing through said port. 

7. (Original) The method of claim 6, wherein said test signals are IP packets and 
where said signal to temiinate said established conmiunications session is one of a SIP 
and an H323 compliant signals. 

8. (Qrigmal) The method of claim 7, fiolher comprising: monitoring delays 
associated with the opening of ports corresponding to communications sessions following 
the transmission of session initiation signals used to establish said communications 
session; and 

generating an opening delay alert signal when a monitored opening delay exceeds 
a preselected opening delay threshold. 

9. (Previously Presented) A method of operating a communications network 
including a jBrewall comprising the steps of: 

monitoring delaj^ associated with the opening of ports corresponding to 
communications sessions being initiated through the use of session control signals; and 

generating an alert signal when a monitored opening delay exceeds a preselected 
threshold. 
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1 0. (Original) The method according to claim 9, further comprising the steps of: 
communicating said alert signal to a security management system; and 

operating said security management system to initiate at least one security operation in 
response to said alert signal. 

1 1 . (Original) The method of claim 1 0, wherein said step of initiating at least one 
security operation includes: 

adjusting network routing to reduce the load on the firewall system which 
triggered said alann signal. 

1 2. (Original) The method of claim 1 0, wherein said stq> of initiating at least one 
security operation includes : 

controlling the firewall at which said opening delay exceeding said threshold was 
detected to drop traffic until the detected opening delays at said firewall no longer exceed 
said threshold. 

13. (Original) The method of claim 10, wherein said step of initiating at least one 
security opa:xition includes: 

notifying a system administrator of said alarm condition. 

1 4. (Previously Presented) A communications system comprising; 

a firewall system responsive to session signals to open and close ports in response 
to the establishment and termination of communications sessions^ respectively; 

means for monitoring said firewall to detect a port closing delay following a 
signal to terminate a conmiimications sessicm; and 

an alann generation device for generating an alarm when the port closing delay is 
determined to exceed a preselected threshold. 

15. (Original) The communications system of claim 14, further comprising: 
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a security management system for receiving alarms generated by said alarm 
generation device and for performing at least one security operation in response to said 
alert signal. 

16. (Original) The communications system of claim 15, wherein said at least one 
security operation is a routing change operation, said security management system 
including means for transmitting routing change infomiation to at least one network 
router to redirect at least some communications traffic away fiom said firewall to thereby 
reduce the traffic load on said firewall. 

17. (Original) The communications system of claim 15, wherein said at least one 
security operation is a firewall control operation, said security management system 
including means for signaling said firewall to drop traffic to reduce the load on said 
firewall. 

18. (Original) The communications system of claim 15, wherein said at least one 
security operation includes notifying a system administrator of said detected port closiog 
delay exceeding said preselected threshold, said security management system including a 
graphical display for showing a graphical representation of the detected port closing 
delay information. 

19. (Original) The communications system of claim 1 5, wherein said means for 
monitoring said firewall to detect a port closing delay following a signal to terminate a 
communications session includes: 

a probe signal generator for generating test signals directed at a port associated 
with the communications session being terminated; and 

a signal analyzer for determining when said generated test signals cease passing 
through said port associated with the communication session following transmission of a 
signal to terminate said communications session. 
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20. (Original) The communications system of claim 1 9, wherein said probe signal 
generator includes means for generating session signals used to initiate and terminate 
communications sessions conducted through said firewall. 

21. (Original) The communications system of claim 20, wherein said session signals 
are one of SIP signals and H.323 signals. 

22. (Original) The communications system of claim 20, wherein at least some of said 
test signals are IP packets. 

23. (Original) The communications system of claim 15, wherein said security 
management system includes: 

means for receiving alarms from a plurality of different alarm generation devices 
located at different locations in said communications system; and 

means for analyzing alarms received from different alarm generation devices^ 
over a period of time, to identify the location of one or more traffic sources causing 
alarms during said period of time. 

24. (Original) The communications system of claim 15, wherein said security 
management system includes: 

means for receiving alarms from a plurality of different alarm generation devices 
located at different locations in said communications system; and 

means for analyzing alarms received fix>m different alarm generation devices, 
over a period of time, to predict the occurrence of future security alarms. 

25. (Previously Presented) A communications system comprising; 

a firewall system responsive to session signals to open and close ports in response 
to the establishment and termination of commimications sessions, respectively; 

means for monitoring said firewall to detect a port opening delay following a 
signal to establish a commimications session; and 
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an alarm generation device for generating an alann when the port opening delay is 
determined to exceed a preselected threshold, 

26. (Original) The communications system of claim 14, further comprising: 

a security management system for receiving alarms generated by said alarm 
generation device and for performing at least one security operation in response to said 
alert signal. 
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